On Monday, June 5, the Health Care Industry Cybersecurity Task
Force (the "HCIC Task Force") issued its
Report on Improving Cybersecurity in the Health Care Industry
to Congress. The report highlighted that health care cybersecurity
is a "key public health concern that needs immediate and
aggressive attention."
In the report, the HCIC Task Force identified six
"imperatives" that must be achieved to increase security
within the health care industry. The six imperatives are:
1. Define and streamline leadership, governance and expectations for health care industry cybersecurity.
2. Increase the security and resilience of medical devices and health IT.
3. Develop the health care workforce capacity necessary to prioritize and ensure cybersecurity awareness and technical capabilities.
4. Increase health care industry readiness through improved cybersecurity awareness and education.
5. Identify mechanisms to protect R&D efforts and intellectual property from attacks or exposure.
6. Improve information sharing of industry threats, risks, and mitigations.
The HCIC Task Force was established by Congress in the
Cybersecurity Act of 2015 to address the challenges the health care
industry faces when securing and protecting itself against
cybersecurity incidents, whether intentional or unintentional.
Recognizing the complex nature of the United States health care
system and the need to bring together representatives of numerous
constituencies from both public and private sectors, the HCIC Task
Force consists of individuals representing the federal government,
hospitals, public and private payers, pharmaceutical companies,
medical device manufacturers, technology companies and
others.
Also in the report, the HCIC Task Force notes that the U.S.
health care industry is facing several challenges, such as the lack
of security talent in the health care sector, the widespread use of
legacy equipment, premature or overconnectivity without secure
design or implementation, vulnerabilities that impact patient care,
and an epidemic of "known vulnerabilities." These
challenges are further compounded by the health care industry's
complex structure, which includes a diverse range of participants
and a tangled web of well-intentioned federal and state laws and
regulations, which in some cases are inconsistent and incapable of
being reconciled and in others may be impeding the sharing of data
and other matters that are vital to improving our health care
system and the delivery of patient care. The HCIC Task Force also
recognized that these challenges are expected to continue to
increase as the Internet of Things, automated medical delivery
systems, and other digital health initiatives become an integral
part of the health care system.
Each of the six imperatives features a cascade of recommendations
and related action items for implementation. The HCIC Task Force
notes in the report that successful implementation of these
imperatives will require further collaboration between the public
and private sectors. In total, the recommendations discuss changes
to existing regulations and laws that impact the health care
industry and the creation of new regulations and frameworks that
are specifically designed for the health care industry.
We are continuing to review the HCIC Task Force's report and
will provide additional insight with respect to the six
recommendations and the associated action items in the near
future.
The content of this article is intended to provide a general
guide to the subject matter. Specialist advice should be sought
about your specific circumstances.